Radio Frequency Identification (RFID) is currently presented as a high-potential enabling technology that could radically change the way that information about physical objects is handled. RFID tags are mainly used in supply chains to automate the identification process without requiring line-of-sight between reader and tag during reading operations. Automatically captured identity information could also bring benefits in many other application domains.
Typically, an RFID tag consists of an integrated circuit with a small storage capability and an antenna. Some tags, referred to as “active tags”, have an internal power source which is generally used to power any processing circuitry and to generate outgoing signals. Other tags, referred to as “passive tags”, do not have any internal power source. Passive tags generally get the energy required for responding to incoming signals and generating outgoing signals by collecting power from an electromagnetic field generated by a reader. Also, there exist tags known as “semi-active” (or sometimes “semi-passive”) tags, which generally have a small power source in order to enable the tag's processing circuitry to be powered constantly. These tags therefore do not need to collect power from incoming signals before commencing any processing, allowing them generally to provide faster responses than passive tags.
An RFID tag generally holds identity information relating to an associated physical object, such as a commercial product. Upon being queried by a reader, the tag generally responds with the identity information which may point to a unique location on a back-end database which stores detailed information about the object, such as expiry date, manufacture location, current location, etc. This information can be made available to the user essentially in real-time.
Surveys have repeatedly identified privacy as one of the most important concerns linked with the deployment of RFID technology to tag commercial products. Briefly, if objects are tagged, anyone with an RFID reader can potentially discover information relating to the objects, their owners, or their users, without the permission of the owners or users. Individuals holding RFID tags could be affected by surreptitious tracking and tag information could be used to collect personal information and profile user preferences. Similarly, companies owning RFID-tagged products would be vulnerable to espionage. Competitors could track their products just by monitoring tag IDs.
All RFID tags communicate over the radio spectrum, which anyone within range can receive. Many current-generation tags lack any access control capability, so anyone, including malicious users, can read the information stored on the tag. A static “Unique Identifier” stored on the tag links the tagged object with the individual or the company owning the object. The concrete privacy concerns raised by RFID tags relate principally to the following issues:
(1) Traceability: a unique identification number allows unauthorised readers to track a product as it moves from one reader to another.
(2) Information leakage: RFID tags carry information about the product to which they are attached. Hidden malicious readers could collect product information without the owner's approval (for example, the RFID-tagged products a user owns reveal potentially valuable information about that user's preferences).
Researchers and industrial activists have studied different approaches to mitigate RFID privacy problems. Most approaches burden the tag by incorporating some additional functionality onto the tag, changing the reader-tag communication protocol or adding new infrastructure such as encryption units or special tags. Ideally, the solution should provide adequate privacy protection at minimal cost.
Juels and Pappu [1] have proposed a method for RFID-enabled banknotes. The serial number of a “Euro” banknote is carried by an RFID tag and protected by an encryption scheme. The encrypted serial number is periodically re-encrypted by computational devices, which makes the banknotes difficult to trace. The scheme requires a single verification entity and is not compatible with the multi-domain systems likely in supply-chain scenarios.
[1] A. Juels and R. Pappu. “Squealing Euros: Privacy-Protection in RFID-Enabled Banknotes”. In R. Wright, ed., Financial Cryptography '03, pages 103-121. Springer-Verlag. 2003. LNCS no. 2742.
Weis, Sarma, Rivest and Engels [2] have proposed several mechanisms to improve security in RFID systems. They identify eavesdropping as a principal attack and note that the tag-to-reader channel is transmitted at much lower power than the reader-to-tag channel, so the reader's side of an exchange can be overheard from considerably further away. The scheme they propose uses a hash function and a pseudo-random number generator on the tag: on each read the tag emits a fresh random value together with a hash of its identifier and that value, and a back-end server identifies the tag by a reverse hash-function look-up, recomputing the hash for every known identifier until it finds a match.
Because the cost of that look-up grows linearly with the number of enrolled tags, the scheme is impractical for large retailers and can only be efficient for owners of relatively small numbers of tags. Furthermore, pseudo-random number generators cannot be implemented in the low-cost passive RFID tags currently available.
[2] Sanjay E. Sarma, Stephen A. Weis, and Daniel W. Engels. “RFID Systems and Security and Privacy Implications”. In Workshop on Cryptographic Hardware and Embedded Systems (CHES), pages 454-470. Lecture Notes in Computer Science, 2002.
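The following Python model, added here as an illustration and not taken from [2], shows the randomized hash-lock exchange described above and makes the back-end cost visible. SHA-256 stands in for the tag's hash function, os.urandom for its pseudo-random generator, and the tag identifiers and the 16-byte nonce length are constructed for the example.

```python
import hashlib
import hmac
import os


def tag_hash(*parts: bytes) -> bytes:
    """One-way hash shared by tag and back-end (SHA-256 stands in for the tag's hash)."""
    return hashlib.sha256(b"".join(parts)).digest()


class RandomizedHashLockTag:
    """Tag holding a secret identifier; each read emits a fresh (r, h(ID || r)) pair."""

    def __init__(self, tag_id: bytes):
        self._id = tag_id  # never sent in the clear

    def respond(self) -> tuple:
        r = os.urandom(16)  # the tag-side pseudo-random generator that cheap tags lack
        return r, tag_hash(self._id, r)


class BackEnd:
    """Holds every enrolled ID and inverts a response by trial hashing (the reverse look-up)."""

    def __init__(self, known_ids):
        self.known_ids = list(known_ids)
        self.hash_evaluations = 0  # cost counter for the look-up

    def identify(self, r: bytes, digest: bytes):
        for tag_id in self.known_ids:
            self.hash_evaluations += 1
            if hmac.compare_digest(tag_hash(tag_id, r), digest):
                return tag_id
        return None  # unknown tag, or a forged response


def lookup_cost(n_tags: int) -> int:
    """Hash evaluations the back-end spends identifying the last of n_tags enrolled tags."""
    ids = [b"EPC-%06d" % i for i in range(n_tags)]  # constructed identifiers
    backend = BackEnd(ids)
    tag = RandomizedHashLockTag(ids[-1])  # worst case: the last ID the server tries
    r, digest = tag.respond()
    assert backend.identify(r, digest) == ids[-1]
    return backend.hash_evaluations


def responses_are_unlinkable(tag: RandomizedHashLockTag) -> bool:
    """An eavesdropper sees two different (r, digest) pairs from one and the same tag."""
    first, second = tag.respond(), tag.respond()
    return first != second


if __name__ == "__main__":
    print("worst-case look-up for 1000 tags:", lookup_cost(1000), "hash evaluations")
    print("two reads unlinkable:", responses_are_unlinkable(RandomizedHashLockTag(b"EPC-000042")))
```

The eavesdropper never sees the identifier, only (r, h(ID || r)) pairs that change on every read; the price is that the server must hash once per enrolled tag per read, which is the scalability limit the text refers to.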
In “minimalist cryptography” [3a] Juels proposes a method in which a tag holds a set of pre-programmed pseudonyms and discloses a different one during each read operation, so that successive reads cannot be linked. An authorised reader needs to be linked to a database that maps each pseudonym back to the correct ID. The main weakness of this approach is that the set of pseudonyms in the tag is finite and must be renewed: once the tag has cycled through it, the tag becomes trackable again. A more complex approach [3b] from NTT laboratories uses a secure hash chain to renew the secret information held in the tag automatically. The rationale is that a tag should not respond predictably to reader queries. The tag holds a secret value s and uses two hash functions, H and G: on each read it outputs the pseudonym G(s) and replaces its secret with H(s), so every read produces a different output and a tag captured later cannot be used to recover its earlier outputs. The secure database can map a tag output to the product information because it holds the initial secret of each tag and can regenerate that tag's sequence of outputs. This solution suffers from scalability problems: without a hierarchical naming structure, linking a pseudonym to the correct ID requires the database to regenerate the hash chains of every enrolled tag.
[3a] A. Juels. “Minimalist Cryptography for RFID Tags”. In C. Blundo, ed., Security of Communication Networks (SCN), 2004.
[3b] Miyako Ohkubo, Koutarou Suzuki and Shingo Kinoshita: “Cryptographic Approach to “Privacy-Friendly” Tags”, believed to have been presented at MIT in November 2003. See: http://lasecwww.epfl.ch/˜gavoine/download/papers/OhkuboSK-2003-mit-paper.pdf
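As an added example (not code from [3a] or [3b]), the Python below models both pseudonym schemes: a tag that cycles through a fixed pseudonym list, and a hash-chain tag in the style of [3b] with the back-end search that identifies it. The hash functions H and G are domain-separated SHA-256 stand-ins, the product names and seeds are constructed, and max_chain_len is an assumed bound on how many reads ahead the database is prepared to search.

```python
import hashlib


def H(s: bytes) -> bytes:
    """Chain-advancing hash: the tag's next secret is H(s). SHA-256 stands in for H."""
    return hashlib.sha256(b"H|" + s).digest()


def G(s: bytes) -> bytes:
    """Output hash: the pseudonym emitted for secret s is G(s). SHA-256 stands in for G."""
    return hashlib.sha256(b"G|" + s).digest()


class PseudonymListTag:
    """Minimalist-cryptography style tag: cycles through a fixed, pre-loaded pseudonym list."""

    def __init__(self, pseudonyms):
        self.pseudonyms = list(pseudonyms)
        self.reads = 0

    def respond(self) -> bytes:
        p = self.pseudonyms[self.reads % len(self.pseudonyms)]
        self.reads += 1
        return p


class HashChainTag:
    """Hash-chain tag: holds secret s, emits G(s) and overwrites s with H(s) on every read."""

    def __init__(self, s0: bytes):
        self.s = s0

    def respond(self) -> bytes:
        a = G(self.s)
        self.s = H(self.s)  # the old secret is gone; a captured tag cannot reveal past outputs
        return a


class HashChainBackEnd:
    """Knows each product's initial secret s0; identifies a pseudonym by rebuilding the chains."""

    def __init__(self, secrets_by_product: dict, max_chain_len: int):
        self.secrets = dict(secrets_by_product)
        self.max_chain_len = max_chain_len  # assumed search bound per tag
        self.hash_evaluations = 0

    def identify(self, pseudonym: bytes):
        for product, s in self.secrets.items():
            for _ in range(self.max_chain_len):
                self.hash_evaluations += 2  # one G to test, one H to advance
                if G(s) == pseudonym:
                    return product
                s = H(s)
        return None  # not within max_chain_len reads of any enrolled secret


def chain_lookup_cost(n_products: int, chain_len: int) -> int:
    """Cost of identifying the last enrolled product at the last position of its chain."""
    secrets = {f"product-{i}": hashlib.sha256(b"seed-%d" % i).digest() for i in range(n_products)}
    backend = HashChainBackEnd(secrets, chain_len)
    tag = HashChainTag(secrets[f"product-{n_products - 1}"])
    outputs = [tag.respond() for _ in range(chain_len)]
    assert len(set(outputs)) == chain_len  # every read yields a different pseudonym
    assert backend.identify(outputs[-1]) == f"product-{n_products - 1}"
    return backend.hash_evaluations


def pseudonym_list_repeats_after(tag: PseudonymListTag) -> int:
    """Reads after which a fixed pseudonym list repeats, i.e. when tracking becomes possible again."""
    first = tag.respond()
    n = 1
    while tag.respond() != first:
        n += 1
    return n
```

The hash-chain look-up costs 2 x (number of products) x (chain length) hash evaluations in the worst case, which is the scalability problem the text describes; the fixed-list tag costs nothing to identify but repeats itself after one cycle, which is the renewal problem.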
These schemes add functionality to the tag to make up for its lack of access control. However, the assumptions they make about tag capabilities do not obviously hold: RFID tags, particularly those likely to be widely deployed, will have several resource and architecture constraints.
(1) The “Juels and Pappu” proposal requires a trusted-third-party approach that can only be efficient in very specific contexts.
(2) The “Weis et al.” solutions are limited by the restricted resources available in current passive RFID tags.
(3) The pseudonym solutions require additional memory on the tag.
Two alternative approaches to privacy and security problems encountered with RFID tags are outlined in the work of Juels, Rivest and Szydlo on the RFID Blocker Tag [4] and the work of Juels and Brainard on the Soft Blocking approach [5]. They both describe privacy enhancing solutions that can mitigate certain potential privacy issues.
The “Blocker Tag” is a disruptive scheme that obstructs reading operations by simulating the presence of a large set of RFID tags. It exploits the singulation (anti-collision) process implemented in current tag-reading standards, such as the ‘tree-walking’ or ALOHA schemes: by replying to every reader query as though tags with all possible identifiers (or all identifiers in a designated privacy zone) were present, the blocker forces the reader into an exhaustive search of the identifier space and prevents the private tags from being singulated. A blocker tag is a special-purpose device that users carry around for privacy protection. The main drawback of this solution is that it disrupts reading operations altogether, legitimate ones included, which undermines its practicality.
[4] A. Juels, R. Rivest and M. Szydlo. “The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy”. In V. Atluri, ed. 8th ACM Conference on Computer and Communications Security, pp. 103-111. ACM Press. 2003.
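The following Python simulation, added here and not part of [4], models tree-walking singulation over short identifiers so that the blocker's effect can be counted: the reader broadcasts a prefix, every tag whose identifier starts with it replies with its next bit, and a collision (both bits heard) makes the reader recurse on both branches. The blocker replies with both bits for every prefix on the path to, or inside, its protected subtree. The 4-bit identifiers and tag IDs are constructed for the example, and the blocker_prefix parameter is an assumed way of modelling the ‘privacy zone’ of a selective blocker.

```python
def tree_walk(tag_ids, id_bits, blocker_prefix=None):
    """Simulate tree-walking singulation.

    tag_ids:        identifiers of the real tags in range, as bit strings of length id_bits.
    blocker_prefix: if not None, a blocker tag is present that protects every identifier
                    beginning with this prefix ("" = full blocker, protects the whole tree).
    Returns (identifiers the reader believes it singulated, number of reader queries).
    """
    real = set(tag_ids)
    assert all(len(t) == id_bits and set(t) <= {"0", "1"} for t in real)
    seen = []
    queries = 0

    def blocker_replies(prefix):
        # The blocker answers with BOTH bits whenever the queried prefix lies on the path
        # to, or inside, its protected subtree, so the reader always hears a collision there.
        if blocker_prefix is None:
            return set()
        if prefix.startswith(blocker_prefix) or blocker_prefix.startswith(prefix):
            return {"0", "1"}
        return set()

    def walk(prefix):
        nonlocal queries
        queries += 1  # reader broadcasts the prefix; matching tags reply with their next bit
        replies = {t[len(prefix)] for t in real if t.startswith(prefix)} | blocker_replies(prefix)
        for bit in sorted(replies):
            child = prefix + bit
            if len(child) == id_bits:
                seen.append(child)  # a complete identifier, real or spoofed by the blocker
            else:
                walk(child)

    walk("")
    return seen, queries


if __name__ == "__main__":
    tags = ["0010", "0111", "1100"]  # constructed 4-bit identifiers
    for zone in (None, "1", ""):
        ids, q = tree_walk(tags, 4, blocker_prefix=zone)
        print(f"blocker zone {zone!r}: {q} queries, reader believes it saw {len(ids)} tags")
```

With no blocker the reader needs 9 queries to singulate the three tags. A selective blocker protecting the ‘1…’ zone leaves the two tags outside that zone readable but buries the tag 1100 among all eight identifiers of the zone, and a full blocker makes the reader walk the entire 4-bit tree (15 queries, 16 phantom tags); with 96-bit identifiers the same walk never terminates in practice, which is both the protection and the disruption the text describes.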
The “Soft Blocker” approach is a simpler scheme in which tags express their privacy preferences to the readers. It requires a privacy agent on the reader and a classification for each tag. For example, a tag classified as private causes the privacy agent on the reader to withhold the value of that tag; likewise, when a tag classified as a blocker is read, the privacy agent filters out sensitive tag data. The main advantage of this solution is its flexibility in terms of policy implementation: new privacy policies can be created arbitrarily for different scenarios. The main weakness is the need for an audit mechanism or enforcement service that verifies that the privacy agent implemented in the reader actually respects the tag classification, since a non-compliant reader can simply ignore it.
[5] A. Juels and J. Brainard: “Soft Blocking: Flexible Blocker Tags on the Cheap”. In S. De Capitani di Vimercati and P. Syverson, eds., Workshop on Privacy in the Electronic Society (WPES), 2004.
Another approach, referred to as the “Watchdog” tag, is discussed by Floerkemeier, Schneider and Langheinrich [6]. This is an active tag that overhears the communication between a reader and the tags around it. A Watchdog tag can log identification information relating to the reader, the declared purpose of the reading operation and possibly the position of the reader. The data collected may then be made available to the end user for inspection and verification purposes. The Watchdog tag does not provide a privacy enforcement method, but it enhances the visibility of reader-tag interactions.
[6] “Scanning with a Purpose—Supporting the Fair Information Principles in RFID Protocols”, Christian Floerkemeier, Roland Schneider, Marc Langheinrich, Institute for Pervasive Computing ETH Zurich, Switzerland.
International patent application WO 2004/086290 relates to methods and systems for authenticating transponders, such as those in an RFID system, using devices termed “verifiers”. An electronic “watermark” is computed for a transponder and written to it. When read, the transponder returns its own data together with the watermark. Independently, another device computes the correct watermark. Either the verifier compares the two and informs the reader, or the reader makes the comparison itself, in order to authenticate the transponder.
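An added example, not the patent application's own method, of the watermark check as summarised above: here the watermark is a truncated HMAC-SHA256 over the transponder's read-only UID and its user data. The MAC construction, the key handling and the 8-byte watermark length are assumptions, since the application as summarised here does not say how the watermark is computed; the UID and payload values are constructed for the example. Binding the watermark to the UID is what stops a copy of the data and watermark written to a second transponder from verifying.

```python
import hashlib
import hmac

WATERMARK_LEN = 8  # bytes of MAC kept on the tag (assumed; tag memory is scarce)


def compute_watermark(key: bytes, uid: bytes, payload: bytes) -> bytes:
    """Watermark bound to this transponder's UID and its user data (assumed HMAC construction).

    The length field keeps a (uid, payload) pair from being re-split into a different pair.
    """
    msg = uid + len(payload).to_bytes(2, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:WATERMARK_LEN]


def write_watermark(key: bytes, uid: bytes, payload: bytes) -> dict:
    """Commissioning step: the contents written to the transponder's memory."""
    return {"uid": uid, "payload": payload, "watermark": compute_watermark(key, uid, payload)}


def verify_transponder(key: bytes, read: dict) -> bool:
    """Verifier side: recompute the watermark from what was read and compare in constant time."""
    expected = compute_watermark(key, read["uid"], read["payload"])
    return hmac.compare_digest(expected, read["watermark"])


if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed verifier key
    genuine = write_watermark(key, b"\xe0\x04\x01\x00\x12\x34\x56\x78", b"SKU=1234;LOT=7")
    clone = dict(genuine, uid=b"\xe0\x04\x01\x00\xaa\xbb\xcc\xdd")  # same data, other chip
    tampered = dict(genuine, payload=b"SKU=1234;LOT=8")
    print("genuine:", verify_transponder(key, genuine))    # True
    print("clone:", verify_transponder(key, clone))        # False
    print("tampered:", verify_transponder(key, tampered))  # False
```

A clone that copies the payload and watermark onto a chip with a different factory UID fails, as does any edit to the payload; whoever computes the expected watermark (verifier or reader) must hold the key, which is the trust decision the two variants in the application differ on.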